Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 844193 (CVE-2021-41945) - dev-python/httpx: improper URL input validation
Summary: dev-python/httpx: improper URL input validation
Status: CONFIRMED
Alias: CVE-2021-41945
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/advisories/GHSA-h8...
Whiteboard: B4 [upstream/ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-05-14 16:03 UTC by John Helmert III
Modified: 2022-05-14 16:03 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-14 16:03:05 UTC
CVE-2021-41945 (https://github.com/encode/httpx/discussions/1831):
https://github.com/encode/httpx/issues/2184

Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.

CVE description is inaccurate/misleading as usual. Fix is here:

https://github.com/encode/httpx/commit/e9b0c85dd4f4e4469c57c4b38e5101fd12081b5c